This article presents an experiment with a load-balanced Puppet environment.
Foreman-proxy can be load balanced at layer 4 or at layer 7: a single smart-proxy is added in the Foreman web interface, and multiple real foreman-proxy instances on the backend handle the requests.
I use HAProxy for both the layer-4 and the layer-7 proxy. pm01 and pm03 are the foreman-proxy servers, ag01 is the Foreman server, and lvs is the load balancer (the VIP is on the lvs01 server), which proxies the Puppet and foreman-proxy services above.
5.1 foreman-proxy seven-layer load balancing
Proxying HTTPS at layer 7 runs into SSL certificate authentication problems, so, following the hints in the official configuration file, an HTTP proxy is used instead of an HTTPS proxy, and all SSL certificates are replaced with the SSL certificate of the LVS proxy.
5.1.1 Modifying the Foreman-proxy configuration file
# grep -v "#" /etc/foreman-proxy/settings.yml | grep -v "^$"
---
:settings_directory: /etc/foreman-proxy/settings.d
:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
:ssl_certificate: /var/lib/puppet/ssl/certs/lvs.jq.com.pem
:ssl_private_key: /var/lib/puppet/ssl/private_keys/lvs.jq.com.pem
:trusted_hosts:
  - pm01.jq.com
  - pm02.jq.com
  - pm03.jq.com
  - ag01.jq.com
  - ag02.jq.com
  - ag03.jq.com
  - ca01.jq.com
  - ca02.jq.com
  - lvs01.jq.com
  - lvs02.jq.com
  - pc.jq.com
  - lvs.jq.com
:daemon: true
:bind_host: 0.0.0.0
:http_port: 8000 # The default here is: https_port: 8443
:virsh_network: default
:log_file: /var/log/foreman-proxy/proxy.log
:log_level: debug
5.1.2 Modifying the foreman configuration file for Foreman-proxy
# cat /etc/puppet/foreman.yaml
---
:url: "https://ag01.jq.com"
:ssl_ca: "/var/lib/puppet/ssl/certs/ca.pem"
:ssl_cert: "/var/lib/puppet/ssl/certs/lvs.jq.com.pem"
:ssl_key: "/var/lib/puppet/ssl/private_keys/lvs.jq.com.pem"
:user: ""
:password: ""
:puppetdir: "/var/lib/puppet"
:puppetuser: "puppet"
:facts: true
:timeout: 10
:threads: null
5.1.3 HAProxy proxy configuration
# grep -v "#" /etc/haproxy/haproxy.cfg | grep -v "^$"
global
    maxconn 40000
    ulimit-n 500000
    log 127.0.0.1 local0 info
    uid 99
    gid 99
    chroot /tmp
    daemon
defaults
    log global
    retries 2
    option redispatch
    option dontlognull
    option httpclose
    balance roundrobin
    timeout connect 30000ms
    timeout client 30000ms
    timeout server 30000ms
    timeout check 2000
listen admin_stats
    bind 0.0.0.0:8080
    mode http
    stats refresh 5s
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /haproxy
    stats auth admin:password
listen puppetmaster *:8140
    mode tcp
    option ssl-hello-chk
    balance source
    server pm01 pm01.jq.com:8140 check inter fall 3
    server pm03 pm03.jq.com:8140 check inter fall 3
frontend foremanproxy
    bind 0.0.0.0:8000
    mode http
    log global
    option httplog
    reqadd X-Forwarded-Proto:\ https
    default_backend web_server
backend web_server
    mode http
    log global
    option httplog
    balance source
    cookie ServerID insert indirect nocache
    server pm01 pm01.jq.com:8000 check inter fall 3
    server pm03 pm03.jq.com:8000 check inter fall 3
With this configuration foreman-proxy runs on port 8000 and is still secure: as can be seen, requests sent to port 8000 end up being handled as HTTPS.
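An added example, not part of the original article: a small Python linter for the layer-7 HAProxy configuration above. It flags listeners and backend servers that carry plain HTTP (as the port 8000 frontend and backend do), stats credentials served without TLS, and server lines where inter is not followed by a time value, as in the listing. The function names and finding labels are assumptions made for this example, and the sample configuration is constructed from the listing.

```python
import re

# Constructed sample modelled on 5.1.3; "inter 2000" is an assumed valid value.
SAMPLE_CFG = """\
listen admin_stats
    bind 0.0.0.0:8080
    mode http
    stats auth admin:password
frontend foremanproxy
    bind 0.0.0.0:8000
    mode http
backend web_server
    mode http
    server pm01 pm01.jq.com:8000 check inter fall 3
    server pm03 pm03.jq.com:8000 check inter 2000 fall 3
"""
SECTIONS = {"global", "defaults", "listen", "frontend", "backend"}
TIME = re.compile(r"\d+(us|ms|s|m|h|d)?")  # HAProxy time format

def parse_sections(cfg_text):
    """Split a haproxy.cfg into (section name, tokenized lines) pairs."""
    sections = []
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words and words[0] in SECTIONS:
            sections.append((" ".join(words[:2]), []))
        elif words and sections:
            sections[-1][1].append(words)
    return sections

def lint_haproxy(cfg_text):
    """Return (section, finding, subject) tuples for the config text."""
    out = []
    for name, lines in parse_sections(cfg_text):
        http = ["mode", "http"] in lines  # explicit "mode http" only (simplification)
        tls = any(w[0] == "bind" and "ssl" in w for w in lines)
        for w in lines:
            if w[0] == "bind" and http and "ssl" not in w:
                out.append((name, "plaintext-bind", w[1]))
            elif w[:2] == ["stats", "auth"] and http and not tls:
                out.append((name, "stats-auth-over-http", w[2].split(":")[0]))
            elif w[0] == "server":
                if http and "ssl" not in w:
                    out.append((name, "plaintext-backend", w[1]))
                # token after "inter", if any; "0" stands in when inter is absent
                nxt = w[w.index("inter") + 1:][:1] if "inter" in w else ["0"]
                if not (nxt and TIME.fullmatch(nxt[0])):
                    out.append((name, "inter-missing-value", w[1]))
    return out
```

Run lint_haproxy() on the text of /etc/haproxy/haproxy.cfg; sections in mode tcp, such as the layer-4 listener in 5.2, are only checked for the inter value.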
5.2 Foreman-proxy Four-layer load balancing
The layer-4 setup proxies HTTPS; the HAProxy configuration is as follows:
listen foreman-proxy *:8443
    mode tcp
    option ssl-hello-chk
    option tcplog
    ##balance source
    balance roundrobin
    ##balance source
    server pm01 pm01.jq.com:8443 check inter fall 3
    server pm03 pm03.jq.com:8443 check inter fall 3
5.3 Adding the smart-proxy in the Foreman web interface
To add the smart-proxy in the Foreman web interface, only the foreman-proxy address on the LVS server needs to be added, as follows:
Seven-layer load:
http://lvs.jq.com:8000
Four-layer load:
https://lvs.jq.com:8443
5.4 Load Test
The test stops the foreman-proxy process on the pm01 and pm03 servers in turn. Before each test, remove the host and the smart-proxy on the Foreman page, then add the foreman-proxy address in the web interface again and run puppet agent -t on pm01, pm03 and ag01. The hosts are then successfully added to the Hosts page.
Foreman-proxy Load Balancing Setup